FortiGuard Labs is aware of a report that a new ransomware strain named “RansomBoggs” was deployed to multiple unnamed organizations in Ukraine. The ransomware encrypts files on compromised machines and provides attacker’s contact information for victims to talk with the attacker for file recovery.Why is this Significant?This is significant because RansomBoggs is the latest ransomware that targets Ukrainian organizations. Based on the tactics, techniques, and procedures (TTPs) used in the attack, security vendor ESET attributed RansomBoggs to the Sandworm APT group who is believed to be associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation.What is RansomBoggs Ransomware?RansomBoggs ransomware encrypts files on compromised machines and adds a “.chsch” file extension to the affected files. It drops a ransom note requesting victims to get in touch with the attacker for file recovery.Currently, there is no indication that RansomBoggs ransomware has wiper functionality.What is the Status of Coverage?FortiGuard Labs provides the following AV signature for RansomBoggs ransomware:MSIL/Filecoder.A!tr.ransom
More Stories
CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown...
USN-5836-1: Vim vulnerabilities
It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to...
CVE-2020-20402
Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. Read More
pesign-116-1.fc37
FEDORA-2023-e77628f240 Packages in this update: pesign-116-1.fc37 Update description: New upstream release (116) Fix CVE-2022-3560 This is a privilege escalation in...
pesign-115-4.fc36
FEDORA-2023-5399953e3b Packages in this update: pesign-115-4.fc36 Update description: Fix CVE-2022-3560 This is a privilege escalation in the pesign-authorize script, which...
USN-5835-3: Nova vulnerability
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker...